Infrastructure/infra-docs-fpo
1
0
Fork 0
Code Issues 100 Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add a paragraph to update the fedmsg CRL and publish it

Browse source 
Fixes: https://pagure.io/fedora-infrastructure/issue/11599

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2023-11-03 09:11:51 +01:00
parent 503a288196
commit d6ee6aa6cb
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
1 changed files with 21 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
modules/sysadmin_guide/pages/fedmsg-certs.adoc
View file

@ -176,3 +176,24 @@ panic. :)
At the time of this writing, the CRL is not actually used. I need one At the time of this writing, the CRL is not actually used. I need one
publicly available first so we can test it out. publicly available first so we can test it out.
==== ====
== Regenerating the CRL
When the CRL has expired, it needs to be re-generated and re-published.
In the private repo:
....
$ cd files/fedmsg-certs
$ source ./vars
$ ./regen-crl
$ git commit -a -s -m "Regenerate the fedmsg CRL"
$ git push
....
Then run the proxies playbook including only the `fedmsg/crl` tag to publish
the updated CRL:
....
$ rbac-playbook playbooks/groups/proxies.yml -t fedmsg/crl
....